EFF: Ring app sends user data to third parties. Ring: Duh
At least three analytics firms, plus Facebook, receive data
The Ring app for Android is "packed with third-party trackers sending out a plethora of customers' personally identifiable information," claims the Electronic Frontier Foundation (EFF) in a new report.
"Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers," adds the EFF in the report, posted on the group's website yesterday (Jan. 27).
The EFF names those companies as AppsFlyer, Branch, MixPanel and, um, Facebook. The first three aren't household names, but they're well-known app-analytics firms that help developers see how their apps are used. All are present in many apps already on your smartphone, whether it's an Android phone or an iPhone.
In a statement to Tom's Guide, Ring denied that it was collecting this user information for nefarious or commercial purposes, and said that the data being collected was for Ring's exclusive use.
"Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing," the statement said.
"Ring ensures that service providers' use of the data provided is contractually limited to appropriate purposes such as performing these services on our behalf and not for other purposes."
What you need to know
So should you worry that your Ring app is tracking your every move? Probably not.
Whether you use an iPhone or an Android phone, your smartphone is running dozens of apps that, like Ring's, send information to third parties for various purposes. Many of those apps sell that data to marketing companies, although it doesn't appear that Ring's app is among them.
How to disable third-party tracking on Ring cameras
Ring camera owners can opt out of third-party tracking services on the following page, although not all of the trackers mentioned in the EFF report are listed there:
https://ring.com/third-party-services
How the EFF analyzed the Ring app
To analyze the traffic coming from the Ring app on an Android phone, the EFF used tools called mitmproxy and Frida. At first, Ring's encryption turned out to be so good that the EFF researchers couldn't see what was being transmitted.
The EFF report says Ring's strong encryption is a bad thing because it can "prevent security researchers and users from seeing exactly what information these devices are sending."
We never thought we'd see the EFF agree with the FBI and the U.S. Department of Justice on that point.
Ring has been in the spotlight for a couple of reasons. First, many of its customers set up their Ring accounts with weak or reused passwords, making it easy for jerks to access those accounts and get Ring indoor cameras to say rude things to little kids.
While Ring did not make it obvious at first, you can lock down your Ring camera's security by enabling its two-factor authentication option.
The other reason may be political. Ring asks its customers to share footage from Ring video doorbells and other Ring home security cameras with local police forces who might want to track miscreants.
That may or may not reduce crime. But it has set off alarms among privacy advocates worried that we're "surveillance capitalism," in which Big Brother looks a lot like Amazon CEO Jeff Bezos, whose company owns Ring.
The EFF hints at this angle in its report on the Ring app: It says the company "profit[s] from a surveillance network which facilitates police departments' unprecedented access into the private lives of citizens."
That's a valid point, although we would use less loaded language. What we'd really like to see is the EFF and other privacy advocates analyze the data-sharing behavior of all major security-camera and video-doorbell apps -- Arlo, Nest, Wyze and so on -- instead of just focusing on the one that's currently making headlines.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.